Methods and apparatus for providing a partial dual-encrypted stream in a conditional access overlay system

ABSTRACT

The present invention is directed towards providing a partial dual-encrypted stream in a conditional access overlay system. The headend equipment includes an aligner, identifier, and remapper (AIR) device ( 615 ) that receives a clear stream and one or two encrypted streams, where the two encrypted streams have been encrypted by two different encryption schemes. The AIR device ( 615 ) identifies critical packets associated with the clear stream and subsequently allows two encrypted streams to pass and drops the critical packets of the clear stream. A multiplexer ( 640 ) then combines a percentage of the non-critical packets of the clear stream and the critical packets of the two encrypted streams to provide the partial dual-encrypted stream.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation-in-part of co-pendingapplication Ser. No. 10/602,986 entitled “Method for PartiallyEncrypting Program Data” filed Jun. 25, 2003, which was filedsimultaneously with applications Ser. No. 10/602,988 and 10/602,987,which were a continuation of application Ser. No. 09/930,901 filed Aug.16, 2001, now U.S. Pat. No. 6,937,729 which is a continuation ofapplication Ser. No. 09/487,076, filed Jan. 19, 2000, now U.S. Pat. No.6,292,568, which is a continuation of application Ser. No. 09/126,783,filed Jul. 31, 1998, presently abandoned, which claims the benefit ofU.S. Prov. App. No. 60/054,575, filed Aug. 1, 1997; and is a CIP ofapplication Ser. No. 09/111,958, filed Jul. 8, 1998, now abandoned,which claims the benefit of U.S. Prov. App. No. 60/054,578, filed Aug.1, 1997; and is CIP of application Ser. No. 08/767,535, filed Dec. 16,1996, now U.S. Pat. No. 6,005,938; and is a CIP of application Ser. No.08/580,759 filed Dec. 29, 1995, now U.S. Pat. No. 5,870,474, whichclaims the benefit of U.S. Prov. App. No. 60/007,962, filed Dec. 4,1995; and is CIP of application Ser. No. 08/415,617, filed Apr. 3, 1995,now U.S. Pat. No. 5,742,677.

The present application descends from an application, which was one ofseven original applications with identical Detailed Descriptions. All ofthese applications have the same filing date and the same assignee. Theserial numbers and filing dates of the six applications follow:

Ser. No. 09/127,352, filed Jul. 31, 1998, presently abandoned, for whicha continuation Ser. No. 09/488,230 was filed on Jan. 20, 2000, whichissued as U.S. Pat. No. 6,252,964, and continuation Ser. No. 09/811,085was filed on Mar. 16, 2001, which issued as U.S. Pat. No. 6,516,412, andcontinuation Ser. No. 10/287,913 was filed on Nov. 5, 2002, currentlypending;

Ser. No. 09/126,921, filed Jul. 31, 1998, which issued as U.S. Pat. No.6,157,719, for which a continuation Ser. No. 09/135,615 was filed onAug. 18, 1998, which issued as U.S. Pat. No. 6,424,714;

Ser. No. 09/127,273, filed Jul. 31, 1998, presently abandoned, for whicha continuation Ser. No. 09/493,409 was filed on Jan. 28, 2000, whichissued as U.S. Pat. No. 6,560,340, and for which continuation Ser. No.10/377,416 was filed on Mar. 3, 2003, which is currently pending;

Ser. No. 09/127,152, filed Jul. 31, 1998, presently abandoned, for whicha continuation Ser. No. 09/488,104 was filed on Jan. 20, 2000, whichissued as U.S. Pat. No. 6,246,767; for which continuation Ser. No.09/748,313 was filed on Dec. 26, 2000, which issued as U.S. Pat. No.6,526,508; and for which continuation Ser. No. 09/881,428 was filed onJun. 14, 2001, currently pending;

Ser. No. 09/126,888, filed Jul. 31, 1998, presently abandoned, for whicha continuation Ser. No. 09/464,794 was filed on Dec. 16, 1999, whichissued as U.S. Pat. No. 6,424,717; and

Ser. No. 09/126,795, filed Jul. 31, 1998, which issued as U.S. Pat. No.6,105,134.

FIELD OF THE INVENTION

The present invention relates generally to the field of encryptedstreams in a communications system, and more specifically towardsmethods and apparatus for transmitting dual encrypted streams in acommunications system.

BACKGROUND OF THE INVENTION

The control of the content is important in order to protect theprogramming from, for example, nonpaying customers. A conventionalcommunications system, such as a cable television system, therefore,typically applies an encryption scheme to television content in order toprevent unrestricted access. Once a system operator chooses anencryption scheme, the operator installs all of the necessary headendequipment (e.g., Scientific-Atlanta's conditional access software andequipment). The devices (set-tops) located at the subscriber's premisesmust be compatible with the encryption scheme in order to decrypt thecontent for viewing. Due to the proprietary systems, however, anoperator is prevented from installing different set-tops that do nothave the proper decryption scheme. If the operator wishes to installdifferent set-tops that decrypt a different conditional access system,the operator would also have to install a second proprietary system tooverlay the incumbent system in order to use both boxes.

It would be to the operator's advantage to be able to choose boxes fromany manufacturer and easily implement different encryption schemes inthe system without duplicating the headend equipment and utilizing extrabandwidth. Some have attempted to address a technique that overlays twoencryption schemes in a system. The present application is directedtowards improvements to and alternative embodiments of a conditionalaccess system that enables different proprietary set-tops that decryptcontent that has been encrypted by different encryption schemes.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a prior art dual encryption process.

FIG. 2 is an illustration of a program including a critical packet.

FIG. 3 is an illustration of the critical packet and the duplicatedpacket of FIG. 2.

FIG. 4 is a block diagram of a first embodiment of a dual encryptionscheme in accordance with the present invention.

FIG. 5 is an illustration of one program aligner, identifier, andremapper (AIR) device in accordance with the present invention that issuitable for use in an AIR device of FIG. 4.

FIG. 6 is an illustration of a second embodiment of a dual encryptionscheme in accordance with the present invention.

FIG. 7 is an illustration of one program aligner, identifier, andremapper (AIR) device in accordance with the present invention that issuitable for use in the AIR device of FIG. 6.

FIG. 8 provides an example table illustrating the single programs thatmay be provided to an output port of demultiplexers.

FIG. 9 is a state diagram illustrating the comparing of the packets bythe packet comparator of FIG. 5.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

The present invention will be described more fully hereinafter withreference to the accompanying drawings in which like numerals representlike elements throughout the several figures, and in which an exemplaryembodiment of the invention is shown. This invention may, however, beembodied in many different forms and should not be construed as beinglimited to the embodiments set forth herein; rather, the embodiments areprovided so that this disclosure will be thorough and complete, and willfully convey the scope of the invention to those skilled in the art. Thepresent invention is described more fully hereinbelow.

The present invention is directed towards a partial dual encryptionscheme. Methods and apparatus are described that provide a transportstream including a clear stream and dually-encrypted streams. Thepresent invention allows for two different set-tops (i.e., an incumbentset-top and an overlay set-top) to be located in a single system. Eachset-top is designed to decrypt a proprietary encryption scheme.Advantageously, the present invention is accomplished withoutduplicating all of the headend equipment, and without consuming twicethe original bandwidth. It will be appreciated that the incumbentset-tops remain unchanged and are simply conventional devices that aremost likely already deployed in the system.

A clear multiprogram transport stream (MPTS) is provided to a headendfacility. It will be appreciated that the clear MPTS includes severalstreams of unencrypted programs each including video, audio, and datapackets. The packets each have a packet identifier (PID). Typically, anencryption scheme encrypts some or all of the packets (herein referredto as critical packets) of some or all of the programs depending uponthe level of desired security. Further information regarding aconditional access system can be found in U.S. patent application Ser.No. 10/602,986 entitled “Method for Partially Encrypting Program Data”filed Jun. 25, 2003 and U.S. Pat. No. 6,424,717 entitled “ConditionalAccess System” filed Dec. 16, 1999, which are commonly assigned, thedisclosure and teachings of which are hereby incorporated by reference.

FIG. 1 is directed towards a dual encryption scheme, and is taught inU.S. Pat. Application Publication No. US 2003/0026423 A1 by Unger. Aclear stream 105 is provided to a critical packet identifier,duplicator, and remapper device (IDR) 110. The identifier device 100identifies a critical packet in a program. FIG. 2 is an illustration ofa stream including a critical packet 205 having a PID no. 210 (e.g., PID100). The predetermined critical packet 205 is identified from thestream and duplicated. FIG. 3 is an illustration of the critical packetand the duplicated packet of FIG. 2. The IDR 110 of FIG. 1 then remapsthe two critical packets (i.e., the critical packet 205 and theduplicated packet 305) to have differing PID values 310, 315. If, forexample, the PID has an original value of 100, the IDR 100 may remap thecritical packet 205 to have a PID value of 101 (310) and the duplicatedpacket 305 to have a PID value of 102 (315). It is also noted that theduplicated packet 305 is placed immediately following the criticalpacket 205 as taught by Unger.

Referring again to FIG. 1, Scrambler A 115 is then programmed to detectthe PID values of the critical packets (e.g., PID 101) and scramble themwith a first encryption scheme. Scrambler B 120 then detects theduplicated packets having the remapped PID value (e.g., PID 102) andscrambles them according to a second encryption scheme. The transportstream including the clear stream (C) and the two encryption streams (Aand B) are subsequently provided to a PID remapper 125. The PID remapper125 remaps the clear stream (C) to have the same PID value as the firstencryption stream A (e.g., PID 100 to PID 101). The transported streammay then include, for example, a percentage, such as 98%, of the clearstream C and a percentage, such as 2%, of both of the encrypted streamsA and B. In this manner, an incumbent set-top, which is designed todecrypt encryption scheme A, receives 98% of the clear stream and 2% ofthe encrypted stream A. The remaining 2% of the encrypted stream B issimply not processed and discarded.

There are, however, several disadvantages with the teachings of Unger.More specifically, Unger relies on controlling the incumbent headendencryption equipment to the level of specifying exactly which PIDs toencrypt, which would be extremely difficult to accomplish in someexisting encryption systems. For example, a Scientific-Atlantaencryption system, as described in U.S. Pat. No. 6,424,717, does notprovide a control interface to encrypt a specific PID. The encryptionschemes are performed at the program level and would require extensiverecreations of a program mapping table and its associated sessions. Incontrast, the present invention does not require any changes to theincumbent headend equipment or require any special control. Morespecifically, the present invention simply utilizes the output of theexisting headend equipment without modifications. Another disadvantage,is that the teachings of Unger require two operations on the clearstream by the overlayed headend equipment; specifically, a first timefor the critical packet selection and again for the PID remapping. Thepresent invention, however, only processes the streams once using onepiece of equipment. Advantageously, this is an improvement that reducesthe cost and the complexity of the system.

A further advantage of the present invention is that modification of theencryption percentage is accomplished as a function of availablebandwidth in the system. For example, if there is additional bandwidthavailable, the present invention can increase the encrypted percentagefrom, for example, 2% to 6%. Notably, this feature is important to thesystem operators who need to be sensitive of both the required bandwidthand the security level of the programs.

Referring now to FIG. 4, a block diagram is illustrated depicting afirst embodiment of a partial dual encryption scheme in accordance withthe present invention. An MPTS, which is a clear stream C that includesa plurality of programs, is provided to scrambler A 410 and scrambler B415. Scrambler A 410 and scrambler B 415 encrypts the clear stream C andrespectively provides encrypted stream A and encrypted stream B. In atypical application, scrambler A 410 is the existing scrambler of theincumbent encryption scheme, and scrambler B is the additional scramblerrequired for the additional encryption scheme. A demultiplexer 420 iscoupled to scrambler A 410 to demultiplex the encrypted stream A, whichas mentioned includes a combination of programs, to provide a singleprogram to a single output port. Similarly, demultiplexers 425 and 430demultiplex the programs to provide the same single programs to anoutput port.

FIG. 8 provides an example table illustrating the single programs thatmay be provided to an output port of the demultiplexers 420, 425, 430for further processing. For example, a first Program P1 805, which mayinclude video PID 100, audio PID 110, and other PID 120, (which may be adata PID or second audio PID), may be sent to a first output port ofdemultiplexers 420, 425, 430. Similarly, a second Program P2 810, whichmay include video PID 200, audio PID 210, and other PID 220, may be sentto a second output port of demultiplexers 420, 425, 430. It will beappreciated that there can be any number of programs that can beprovided to an output port.

Referring again to FIG. 4, an aligner, identifier, and remapper (AIR)device 435 receives the programs from the output ports of thedemultiplexers 420, 425, 430, where the programs, or streams, (P1, P2,Pn) are,grouped at the input of the AIR device 435, and is discussedbelow. The output streams of the AIR device 435 are provided to amultiplexer 440 that then provides a multiplexed partial dual encryptedtransport stream. Additionally, the demultiplexer 420 coupled toscrambler A, which in this embodiment is assumed to be the incumbentscrambling scheme, also includes an output port 442 that providesundefined packets directly to the multiplexer 440. Due to the fact thatthere may be packets that are intended for purposes that are specific tothe incumbent set-tops, these packets should be allowed to continuethrough the system without any potential alterations or deletion.

FIG. 5 is an illustration of one program aligner, identifier, andremapper (AIR) device 500 in accordance with the present invention thatis suitable for use in the AIR device 435 of FIG. 4. It will beappreciated that the present invention in comparison with the prior artdoes not duplicate or remap critical packets. Additionally, it will beappreciated that more than one program AIR device 500 can be implementedin the AIR device 435 depending upon the number of programs (e.g., P1,P2, Pn) to be processed. Buffer A 505, buffer B 510, and buffer C 515receive the streams A, B, and C from the output the demultiplexers 420,425, 430. The buffers 505, 510, 515 allow a packet comparator 520 tomonitor the streams A, B, and C and align them in time. Alignment may benecessary since the encrypted streams A and B may be somewhat delayedand out of synchronization due to the scramblers 410, 415.

FIG. 9 is a state diagram illustrating the comparing and aligning of thepackets by the packet comparator 520. In the initial state 905, thebuffers 505, 5 10, 515 are filled with packets, and the packetcomparator 520 begins searching, in state 910, for a reference packet(ref pkt) in the clear stream, which is provided by buffer C 515. Thereference packet may be, for example, a video PID with apayload_unit_start_indicator (PUSI) bit equal to one (1). It will beappreciated that the specifications for this reference packet may haveother specifications, such as an audio PID and the PUSI bit may be equalto 0. The basis for comparison however must be valid for packets in theclear or scrambled state. Further information regarding the PUSI bit canbe found in U.S. Pat. No. 6,424,714 entitled “Conditional AccessSystem.” If the reference packet is not found, the clear stream Cpasses, and the encrypted streams A and B drop in state 915. Thesearching state 910 continues until the reference packet is found in theclear stream C. Subsequently, in state 920, the encrypted streams A andB are compared to the found reference packet. The basis for comparisonis again the video PID, and the presence of the PUSI bit equal to one(1). The basis for comparison is not affected by the fact that scramblerA 410 or B 415 has scrambled the packet. If the packets in either of thestreams A and B do not match, the non-matching packet(s) drop in state925. If buffers A 505 and B 510 are empty, the state returns to state910 and begins searching. Otherwise, state 920 continues comparing thepackets in streams A and B with the reference packet until a match isfound, and the streams are then considered aligned.

In the aligned state 928, state 930 waits until buffers A 505, B 510,and C 515 have greater than one packet. Subsequently, the head packetsare verified to have the same PID value, in state 935. If not, in state940, the packet in stream C passes and packets in streams A and B drop,and state 935 continues verifying the packets. At times, packets in aprogram can be swapped in their position and are essentially out oforder. In that case, passing the packets in the clear stream C ensurethat the packets are passed rather than stalling in the buffers. If thehead packet PID values are the same, the values of thecontinuity_counter field of the packets are then verified to be thesame, in state 945. If not, the assumption is that there is an error inthe alignment, and the comparator 520 returns to the initial state 905.It will be appreciated that the continuity counter of the clear stream Cis used as the reference number. If the continuity counters are the samefor the all the packets in the streams, state 950 releases the packetsfrom the buffers A, B, and C, and returns to the aligned state 930 tocontinue ensuring alignment of the packets. It will be appreciated thatthere are other methods for verifying alignment, other than the use ofthe continuity_count value, such as the presence and length of anadaptation_field, or the presence and value of a program_clock_reference(PCR) value.

It should be noted that MPEG packet processing equipment typicallymodifies the Program Clock Reference (PCR) of programs being processed,to correct for any PCR jitter that would otherwise be introduced. Inthis embodiment, the PCRs of clear stream C are regarded as the primaryPCRs, and all PCR modifications are performed on the values in stream C.If the PCR-bearing packet is also a critical packet, the corrected PCRvalue from stream C is placed into the PCR field in the packet fromstreams A and B.

Referring again to FIG. 5, a remapper 525 remaps the PID value of thereleased packet from stream B to a new PID value, for example, PID 100to PID 101 and/or PID 110 to PID 111, depending upon whether thecritical packet selection includes just video or audio packets orincludes both video and audio packets. A switch 535, 540, 545 then gatesthe released packets of stream A, B, and C.

A selector 530 also receives the released packet of clear stream C,which it uses as a reference stream to control the switches 535, 540,545. In the preferred embodiment of the present invention, the selector530 allows the packets of the clear stream C to pass through to amultiplexer 550 until such time as a critical packet is detected. Again,it will be appreciated that the critical packet can be a video, audio,and/or data packet. When the critical packet is detected, the switch 545opens and switches 535, 540 are closed, thereby allowing the releasedpackets of encrypted streams A and B, which each have the alignedcritical packet, to simultaneously pass through to the multiplexer 550.The multiplexer 550 then combines the packets to provide a partialdual-encrypted transport stream where the dual encryption includespackets encrypted by both scrambler A 410 and scrambler B 415. Themultiplexed stream is then provided to multiplexer 440 (FIG. 4) to becombined with additional partial dual-encrypted program streams. It willbe appreciated that multiplexer 550 provides only a portion of thepacket stream to the overall multiplexer 440 of FIG. 4. In this manner,when bandwidth becomes available in multiplexer 440, a signal indicatingan increase in encrypted packets is allowable is provided to multiplexer550 via feedback loop 560. The multiplexer 550 then relays thisinformation to the selector 530 via feedback loop 565, and the selector530 can then increase the percentage of critical packets, for example,from 2% to 6% of the packets that are considered critical.

FIG. 6 is an illustration of a second embodiment of a partial dualencryption scheme in accordance with the present invention. Theadvantage of the configuration shown in FIG. 6 is that all the elementsrequired to add an additional encryption scheme (Demux 607, 608, AIRdevices 615, and Mux 640) can be implemented in a single piece ofequipment. An MPTS C is provided to scrambler A 605 that provides afirst encrypted stream A. A first demultiplexer 607 receives theencrypted stream A and a second demultiplexer 608 receives the clearstream C in order to demultiplex the plurality of programs into singleprograms. Again, assuming the scrambler A 605 is the incumbentencryption scheme, an output port 609 of the demultiplexer 607 isprovided for unidentified packets and is provided directly to amultiplexer 640 for delivery along with the partial dual-encryptedtransport stream. The common programs from the demultiplexers 607, 608are then provided to an aligner, identifier, and remapper (AIR) device615.

FIG. 7 is an illustration of one program aligner, identifier, andremapper (AIR) device 700 in accordance with the present invention thatis suitable for use in the AIR device 615 of FIG. 6. For a first programPI, the encrypted stream A is buffered in buffer A 710, and buffer C 715receives the clear stream C. A packet comparator 720 compares thepackets to ensure they are aligned due to any delays introduced byscrambler A 705. It will be appreciated that the packet comparator 720operates in a similar manner to the packet comparator 520 of FIG. 5 andin accordance with the state diagram of FIG. 9 for just encrypted streamA. A critical packet selector 725 uses the clear stream C as a referencestream and controls two switches 730, 735 accordingly. Morespecifically, switch 730 allows the packets of clear stream C to passthrough to a multiplexer 740 until a critical packet is detected. Whenthe critical packet is detected, switch 730 provides the packet of clearstream C to scrambler B 745 and switch 735 is also switched, therebyallowing the critical packet of encrypted stream A to pass through tothe multiplexer 740. The scrambler B 745 encrypts the packet of clearstream C according to a second encryption method and provides theencrypted packet to a PID remapper 750. The PID remapper 750 remaps thepacket's PID value to a new PID value (e.g., PID 100 to PID 101 and/orPID 110 to 111). The remapped packet is subsequently provided to themultiplexer 740 for transmitting along with the packet of the encryptedstream A. The scrambler B 745 also controls the PID comparator 720 inorder to prevent packets from being transmitted until the scrambler B745 and the remapper 750 have completed their steps, thereby maintainingproper ordering of packets.

A partial dual-encrypted transport stream is then provided to themuliplexer 640 (FIG. 6) to be combined with other partial dual-encryptedprograms. The combined partial dual-encrypted transport stream is thenprovided to the set-tops and decrypted according to the decryptionmethods (i.e., encryption method A or encryption method B) of theset-top. Similar to the first embodiment of the present invention,multiplexer 740 provides only a portion of the packer steam to theoverall multiplexer 640 of FIG. 6. In this manner, when bandwidthbecomes available in multiplexer 640, a signal indicating an increase inencrypted packets is allowable is provided to multiplexer 740 viafeedback loop 650. The multiplexer 740 the relays this information ofthe remapper 750 via feedback loop 765, and the remapper 750 can thenincrease the percentage of critical packets, for example, from 2% to 6%of the packets that are considered critical.

It will be appreciated that modifications can be made to the twoembodiments that are still within the scope of the invention.Additionally, the present invention can be implemented using hardwareand/or software that are within the scope of one skilled in the art. Theembodiments of the description have been presented for clarificationpurposes; however, the invention is defined by the following claims.

1. A method for providing an encrypted transport stream, the methodcomprising the steps of: receiving a clear stream, the clear streamincluding a plurality of programs, each program comprising a pluralityof packets each having a packet identifier (PID), wherein at least oneof the plurality of packets is designated a critical packet; scramblingthe clear stream according to a first encryption method to provide afirst encryption stream; scrambling the clear stream according to asecond encryption method to provide a second encryption stream; aligningin time the clear stream, the first encryption stream, and the secondencryption stream; after scrambling the clear stream according to thefirst encryption method to provide the first encryption stream and afterscrambling the clear stream according to the second encryption method toprovide the second encryption stream, passing packets of the clearstream through a multiplexer, wherein when the at least one criticalpacket is identified in the packets of the clear stream, the criticalpacket of the clear stream drops and the scrambled critical packetsincluded in the first and second encryption streams pass; andmultiplexing the packets of the clear stream and the critical packets ofthe first and second encryption streams to provide a partial dualencrypted stream.
 2. The method of claim 1, the steps further comprisingremapping at least one PID value associated with the second encryptionstream, whereby the scrambled packets of the first and second encryptionstreams each have a differing PID value.
 3. The method of claim 1,wherein the aligning step comprises buffering each of the clear stream,the first encryption stream, and the second encryption stream.
 4. Themethod of claim 3, the aligning step comprising the further steps of:searching the clear stream for a reference packet; and comparing thereference packet with packets in the first encryption stream and thesecond encryption stream, wherein the packets associated with the clearstream passes and the packets associated with the first and secondencryption streams drop until the packets associated with the first andsecond encryption stream match the reference packet.
 5. The method ofclaim 1, comprising the further step of demultiplexing each of the clearstream and the first and second encryption streams to provide aplurality of programs.
 6. The method of claim 5, wherein a commonprogram demultiplexed from each stream is provided to a common aligner,identifier, and remapper device.
 7. A partial dual-encryption device forencrypting a clear stream, comprising: a port for providing a firstencrypted stream corresponding to the clear stream from a firstscrambler; a port for providing a second encrypted stream correspondingto the clear stream from a second scrambler; an aligner, identifier, andremapper (AIR) device coupled to each scrambler for providing a partialdual-encrypted stream, wherein the clear stream having at least onecritical packet is provided to each scrambler and the AIR device,wherein, after the streams are encrypted, the AIR device aligns packetsof the clear stream, the first encrypted stream, and the secondencrypted stream, and wherein, upon identification of the at least onecritical packet of the clear stream, provides the partial dual-encryptedstream including non-critical packets of the clear stream, a criticalpacket of the first encrypted stream, and a remapped critical packet ofthe second encrypted stream.
 8. The partial dual-encryption device ofclaim 7, the AIR device comprising: an aligner for aligning the packetsassociated with the clear stream, the first encrypted stream, and thesecond encrypted stream; an identifier for identifying the at least onecritical packet; and a remapper for remapping a packet identifier (PID)value associated with the second encrypted stream, the alignercomprising: buffers for buffering the clear stream, the first encryptedstream, and the second encrypted stream; and a packet comparator forcomparing a head packet associated with each stream in a buffer todetermine when the buffered streams are aligned and subsequentlyreleasing the streams for further processing.
 9. The partialdual-encryption device of claim 8, the AIR device further comprising:switches responsive to the identifier for allowing one of the packetsassociated with the clear stream and the packets associated with thefirst and second encrypted streams to pass through to a multiplexer. 10.The partial dual-encryption device of claim 7, further comprising: afirst demultiplexer coupled to the first scrambler to provide aplurality of first encrypted program streams; a second demultiplexercoupled to the second scrambler to provide a plurality of secondencrypted program streams; and a third demultiplexer for providing aplurality of clear program streams, wherein the demultiplexed programstreams are provided to the AIR and processed as a common program. 11.The partial dual-encryption device of claim 10, wherein the AIR deviceincludes a plurality of program AIR devices depending upon the number ofcommon programs.
 12. The partial dual-encryption device of claim 11,further comprising a common multiplexer for multiplexing the partialdual-encrypted stream from each of the plurality of program AIR devices.13. The partial dual-encryption device of claim 12, wherein the commonmultiplexer provides feedback to each of the program AIR devices thatindicates availability of bandwidth for when the number of criticalpackets of the first encrypted stream and the remapped critical packetsof the second encrypted stream can be increased.
 14. A method fortransmitting an encrypted transport stream, the method comprising thesteps of: receiving a clear stream, the clear stream including aplurality of programs, each program comprising a plurality of packetseach having a packet identifier (PID), wherein at least one of theplurality of packets is designated a critical packet; scrambling with afirst scrambler the clear stream according to a first encryption methodto provide a first encrypted stream; aligning in time the clear streamand the first encrypted stream; after providing the first encryptionstream, identifying the at least one critical packet associated with theclear stream, wherein prior to identification, packets associated withthe clear stream pass to a multiplexer and encrypted packets associatedwith the first encrypted stream drop, and wherein subsequent toidentification, packets associated with the clear stream pass to asecond scrambler and encrypted packets associated with the firstencrypted stream pass to the multiplexer, wherein the second scramblerprovides a second encrypted stream to the multiplexer; and multiplexingnon-critical packets associated with the clear stream and the encryptedcritical packets associated with the first and second encrypted streamsto provide a partial dual-encrypted stream.
 15. The method of claim 14,the steps further comprising remapping the second encrypted stream to anew PID value.
 16. A partial dual-encryption device, comprising: a portfor providing a first encrypted stream from a first scrambler; analigner, identifier, and remapper (AIR) device coupled to the scramblerfor providing a partial dual-encrypted stream, wherein a clear streamhaving at least one critical packet is provided to the scrambler and theAIR device, wherein the AIR device aligns packets of the clear streamand the first encrypted stream, and identifies the at least one criticalpacket associated with the clear stream, wherein, upon identification ofthe at least one critical packet, provides the first stream having beenpreviously encrypted, provides the at least one critical packet to asecond scrambler, the second scrambler to provide a second encryptedstream, and wherein the AIR device provides the partial dual-encryptedstream including non-critical packets associated with the clear streamand dually-encrypted critical packets associated with the first andsecond encrypted streams.
 17. The partial dual-encryption device ofclaim 16, the AIR device comprising: an aligner for aligning the packetsassociated with the clear stream and the first encrypted stream; anidentifier for identifying the a critical packet associated with theclear stream; and a first switch responsive to the identifier forproviding one of the non-critical packets associated with the clearstream to a multiplexer and the critical packet associated with theclear stream to a second scrambler; a second switch responsive to theidentifier, wherein upon identification of the critical packet, thesecond switch for providing a first encrypted critical packet of thefirst encrypted stream to the multiplexer; the second scrambler coupledto the first switch for receiving the critical packet associated withthe clear stream and providing a second encrypted critical packet; and aremapper for remapping the second encrypted packet to provide a remappedencrypted critical packet.
 18. The partial dual-encryption device ofclaim 17, the AIR device comprising: a first demultiplexer coupled tothe first scrambler to provide a plurality of first encrypted programstreams; and a second demultiplexer for providing a plurality of clearprogram streams, wherein the demultiplexed program streams are providedto the AIR device and processed according to a common program stream.19. The partial dual-encryption device of claim 18, wherein the AIRdevice includes a plurality of program AIR devices depending upon thenumber of common program streams.
 20. The partial dual-encryption deviceof claim 19, further comprising a common multiplexer for multiplexingthe partial dual-encrypted stream from each of the plurality of programAIR devices, wherein the common multiplexer provides feedback to each ofthe program AIR devices that indicates availability of bandwidth forwhen the number of critical packets of the first encrypted stream andthe remapped encrypted critical packets of the second encrypted streamcan be increased.